Oregon Health Insurance Exchange Failure: Blame Runs Deep

Excessive optimism, weak oversight, and poor performance by Oracle consultants all contributed to the failure of the Cover Oregon health insurance exchange (HIX) to deliver a functioning consumer website, according to a report commissioned by Oregon Governor John Kitzhaber, which he released at a news conference Thursday.

"I am angry and I am disappointed by the rollout of Cover Oregon and the ongoing technical problems that have created delays, uncertainty, and frustration among Oregonians who need and deserve healthcare," Kitzhaber said.

The state released the full, unredacted report, meaning that it names names, pointing to Rocky King, Bruce Goldberg, and Carolyn Lawson as the key decision makers on the project. During the news conference, Kitzhaber announced that Goldberg will resign as director of the Oregon Health Authority, staying only until a replacement is found. His resignation follows those of King and Lawson, who previously served, respectively, as director of Cover Oregon and CIO of the Oregon Health Authority.

The report, authored by First Data Government Solutions, echoes the findings of other investigations, including a report commissioned by the Centers for Medicare and Medicaid Services (CMS), that found substantial fault with both the primary contractor on the project, Oracle, and with the state project managers and executives overseeing the work.

Kitzhaber called the report "a very credible and sobering critique" of a complete breakdown in project management and administrative oversight. Even though the state employed a quality-assurance contractor, Maximus, which early on sounded alarms about inadequate processes and controls, the project's personnel over time "became desensitized to quality assurance reports showing the project was not on track," he said.

Maximus rated the Cover Oregon project high risk, from the beginning, in multiple categories.

Kitzhaber also pointed to "very serious questions of the quality of work of our primary website developer, Oracle," particularly its inability to accurately estimate its progress toward project goals or keep its commitments to a schedule.

One of the project's fatal flaws was unrealistic optimism, Kitzhaber said. He acknowledged seeing project reports with multiple elements flagged in red, indicating high risk, on progress charts, but accepted assurances that those risks would come down as the deadline neared. Asked about his own responsibility for executive oversight of the project, he said, "The buck stops here, and I assume responsibility for that," but also noted that, "as it turns out, neither me or most of the legislature builds websites, so we have to rely on other people to give us information."

One thing Kitzhaber said he wishes he had done differently was look at how those QA reports tracked over time, rather than looking at them in isolation. "It's very clear, if you look back, that some problems Cover Oregon said had been addressed... appeared again in subsequent Maximus reports."

First Data reported a common theme in interviews with project staff "was that both Rocky King and Carolyn Lawson were perceived as supremely confident. The interviews also confirmed that the overly optimistic schedule/scope projections were based on continued trust in Oracle and the HIX-IT leadership (Rocky King, Carolyn Lawson, and Bruce Goldberg), despite repeatedly missed deadlines." Only very late in the process, in August and September, did any of these leaders acknowledge that the initial

David F. Carr oversees InformationWeek's coverage of government and healthcare IT. He previously led coverage of social business and education technologies and continues to contribute in those areas. He is the editor of Social Collaboration for Dummies (Wiley, Oct. 2013) and ... View Full Bio

The big promise at issue seems to have been that the Oracle stack of technologies would only require 5% customization to serve the state's needs for a health insurance exchange. Perhaps that's why it seemed reasonable to state officials that the state could act as its own system integrator. Whether that was reasonable at any percentage is questionable, but they were trying to figure out how to make the budget work.

With Oracle consultants to customize the Oracle software, what could go wrong?

predictably Oregon liberals promised the world and once again delivered a pile of &^%$. It isn't by chance Oregon is now #1 in homelessness and the #1 user in food stamps. This gross incompetence goes far beyond Cover Oregon.

My mother was a pioneer in the field of occupational nursing, and ran the medical department's for Oregon's giants in industry. She was directly responsible for the immediate health care of over 30K oregon blue collar workers when they injured themselves on the job.

Every time liberals reformed our health care they buried my mother in more paperwork, and added far more dysfunction to the system then the educated idiots claimed to be solving.

Liberals told us they reformed health care through Obamacare. They lied to push this through. Then when busted in their lies they lied all the more. When Obama rating dropped he had a mia culpa moment, and has now vowed to reform Obamacare. You do not reform a social disease, you kill it before it kills you.

The time limit "feature" cutting off subscribers mentioned here is a sure tip off of the bad (or just plain lack of) design review that only scratches the surface of the problems. The ultimate driver is the fact that non technical people were in charge, and good *technical* program management from the get-go is a vital element that will doom a complex development effort if it's neglected. As a Sr. Test engineer of 25 years I saw this in places that really, really should have had their act together and the "tells" were many (no good requirements base defined to ground the product definition, no Engineering Review Boards to govern needed ongoing changes, no technical milestones scheduled to check development and testing progress, etc., etc.). So it's absolutely no surprise to me that letting folks without any large-scale network centric project experience lead the OR exchange ended up with an unholy mess. But before you get down on the people involved too badly you have to consider that there are many, many smooth talking consultant firms and product providers out there who wanted in on the ACA cash-cow but were in fact way out the their own league techically with a ACA system. In the end this is a good example of the blind leading the blind right into a ditch.

As a user who was in Mexico at the time this rolled out, I found it a nightmare. The form you had to fill out was 19 pages and they allowed 1 hour to do it or they dumped your data. There might have been a way to save it but I could not figure it out.

Internet access in Baja was very limited where we were staying and the only way I could figure out to make it work was to print the forms, fill them out on paper, and then use keyboard short cuts to enter the data. I was able to enter the data for 2 people in one familiy in about 45 minutes and met their dead line to file. This was after putting the data in the first time and missing the 1 hour cut off and loosing it all.

I have worked on seveal large IT type software projects and this one seem to be implemented with out thought of what was being required of the user.

Just to add fuel to the fire, they chose a new free area code number which was 855 for their phone number. There was no way to dial this from the Telcel network in Mexico because a new work around prefix had not been assigned.

I think there was considerable over reaction in the case of HealthCare.gov. It could have been built better, and load tested much better, but it seemed workable. At least from an outsider's perspective.

The Oregon site sounds like a different beast entirely. Sounds like questionable decisions all the way at the top of the project, what some would call "Architecture Defects". A serious architecture defect usually renders the code built to that architecture to be straight out useless. Or, even worse, it looks like the code can be wrenched around to suit the new architecture. Then you end up with that laegacy codebase experience, but with your brand new shiny code. Well, not so shiny!

I could be way off, but from what I have read, it sounds like the problems go all the way to the architecture.

Many were making the same argument for the federal Healthcare.gov: Ditch it and start over. I'm not convinced that would have been the better course of action, though I'm no defender of the "tech surge" that's supposedly putting that Humpty Dumpty back together again.

Have seen several projects that were "nearly finished" where in fact, starting over from scratch would have been much more economical. But this rarely goes over well "Hey all that money you just spent, it was totally wasted because we have to start over. Yup, you lost all that money and time!"

This is often the result of technical decisions being made by people not qualified to make them.

Am watching one particular slow motion train wreck from the sidelines right now, thankful that I am not involved. Marketing making technical decisions because they have the ear of the CEO. And making bad, terrifyingly bad decisions. When it all goes sideways, and it will go terribly sideways, blame will land on IT.

According to the Oregonian: "Kitzhaber said he also asked the Cover Oregon board to remove Triz DelaRosa, chief operating officer for Cover Oregon, and Aaron Karjala, Cover Oregon's chief information officer."